Forum Discussion
NimbostratusF5 APM monitor VPN user destinations
Hello,
Is F5 APM capable of showing the destinations that the VPN user is trying to reach to?
Can we get this information by default, or does it require customization?
Shall be seen through AVR?
3 Replies
- Injeyan_Kostas
Nacreous
You can achieve this by assigning an ACL also to the users.
In ACL you can either allow or deny destinations but enable logging.
This way you could see all connections under each sessions.
But I don't think you should do it and flood your BIG-IP with so many logs.
But why don't you get this info from the firewall? I suppose there is one after F5.
User100000Yes, we thought in enable logging option. this can be viewed by CLI only, and which log file?
AVR does not support in this?
What is the best practice in APM to have the traffic flow in the network by the IP assigned to the user from the pool or by F5 IPas the wizard make the configuration to the required resources reached by F5 self IP not the user IP assigned from the pool
- Injeyan_Kostas
I think AVR cannot show this.
You can also see it in GUI under Access ›› Overview : Active Sessions and clicking each session id
for cli check /var/log/apmFor traffic flow the best is to let users flow with their assigned IPs and not do SNAT but this depends on your topology.
Wizards are for the ease of use do not just rely on wizards.
Moreover you could do some irule magic and integrate F5 VPN with your firewall, depends the FW, and push user info with API in order to map user with IP. In this case FW will be able to use user based rules instead of source IP.
